Filtered by vendor Phpgurukul
Subscribe
Total
221 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-23157 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page. | |||||
CVE-2023-23156 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. | |||||
CVE-2023-23155 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login. | |||||
CVE-2023-23163 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter. | |||||
CVE-2023-23162 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. | |||||
CVE-2023-23161 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. | |||||
CVE-2023-46026 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2023-12-10 | N/A | 4.8 MEDIUM |
Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters. | |||||
CVE-2023-47446 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2023-12-10 | N/A | 5.4 MEDIUM |
Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter. | |||||
CVE-2023-48016 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2023-12-10 | N/A | 7.5 HIGH |
Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. | |||||
CVE-2023-46025 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2023-12-10 | N/A | 4.9 MEDIUM |
SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter. | |||||
CVE-2023-47445 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2023-12-10 | N/A | 9.8 CRITICAL |
Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page. | |||||
CVE-2023-46024 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2023-12-10 | N/A | 7.5 HIGH |
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter. | |||||
CVE-2023-41575 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2023-12-10 | N/A | 5.4 MEDIUM |
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters. | |||||
CVE-2023-46584 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-12-10 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. | |||||
CVE-2023-37772 | 1 Phpgurukul | 1 Online Shopping Portal | 2023-12-10 | N/A | 8.8 HIGH |
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. | |||||
CVE-2023-37771 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-10 | N/A | 9.8 CRITICAL |
Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. | |||||
CVE-2023-37687 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-12-10 | N/A | 7.2 HIGH |
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. | |||||
CVE-2023-41594 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2023-12-10 | N/A | 7.5 HIGH |
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters. | |||||
CVE-2023-37690 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-12-10 | N/A | 4.8 MEDIUM |
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. | |||||
CVE-2023-37745 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-12-10 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component. |